President Proposes Data Breach Laws

Almost Every State Has Different Laws

President Barack Obama yesterday proposed new legislation to create a federal standard for notifying consumers about data breaches. The president’s plan would require customers to be notified within 30 days if their personal information or credit is compromised. The current protocol regarding data breaches varies from state to state.

“Right now, almost every state has a different law on this, and it’s confusing for consumers and it’s confusing for companies – and it’s costly, too, to have to comply to this patchwork of laws,” the president said yesterday in a speech at the Federal Trade Commission. “Sometimes, folks don’t even find out their credit card information has been stolen until they see charges on their bill, and then it’s too late.”

In addition, the president announced that several major financial institutions – including JP Morgan Chase, Bank of America and others – will allow consumers free access to their credit reports. President Obama said this will allow Americans to find out earlier if they have been subject to fraud or had their credit compromised.

Another measure the president introduced is a Consumer Privacy Bill of Rights that he said would provide “basic baseline protections across industries,” to make sure that personal information would be collected and used properly.

There remains skepticism that Congress would pass the laws proposed by the president. In addition, experts say that a 30-day window to notify consumers could be difficult for companies because of the time it takes for an investigation and coordination with law enforcement to come up with definitive answers.

Technology issues will be one focus of the president in next week’s State of the Union Address. Several high-profile data breaches occurred last year, including credit card data and personal information that was exposed through Target and Home Depot, as well as the hacking of Sony Pictures two months ago.